wireshark/epan/dissectors/packet-osi.c
Michael Mann 268841f3e0 Combine Decode As and port preferences for tcp.port dissector table.
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table.  It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.

The tcp.port dissector table was used as the guinea pig.  This will eventually be
expanded to other dissector tables as well (most notably UDP ports).  Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.

Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference

Also added comments for TCP ports used that aren't IANA registered.

Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-10-08 02:44:53 +00:00

579 lines
17 KiB
C

/* packet-osi.c
* Routines for ISO/OSI network and transport protocol packet disassembly
* Main entrance point and common functions
*
* Laurent Deniel <laurent.deniel@free.fr>
* Ralf Schneider <Ralf.Schneider@t-online.de>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "config.h"
#include <epan/packet.h>
#include <epan/prefs.h>
#include <epan/llcsaps.h>
#include <epan/aftypes.h>
#include <epan/nlpid.h>
#include <epan/ppptypes.h>
#include <epan/chdlctypes.h>
#include <epan/ipproto.h>
#include "packet-osi.h"
#include "packet-tpkt.h"
#include "packet-juniper.h"
void proto_reg_handoff_osi(void);
void proto_register_osi(void);
int proto_osi = -1;
static int hf_osi_nlpid = -1;
static dissector_handle_t osi_handle;
/* Preferences for OSI over TPKT over TCP */
static gboolean tpkt_desegment = FALSE;
gboolean
osi_calc_checksum( tvbuff_t *tvb, int offset, guint len, guint32* c0, guint32* c1) {
guint available_len;
const guint8 *p;
guint seglen;
guint i;
available_len = tvb_captured_length_remaining( tvb, offset );
if ( available_len < len )
return FALSE;
p = tvb_get_ptr( tvb, offset, len );
/*
* The maximum values of c0 and c1 will occur if all bytes have the
* value 255; if so, then c0 will be len*255 and c1 will be
* (len*255 + (len-1)*255 + ... + 255), which is
* (len + (len - 1) + ... + 1)*255, or 255*(len*(len + 1))/2.
* This means it can overflow if "len" is 5804 or greater.
*
* (A+B) mod 255 = ((A mod 255) + (B mod 255) mod 255, so
* we can solve this by taking c0 and c1 mod 255 every
* 5803 bytes.
*/
*c0 = 0;
*c1 = 0;
while (len != 0) {
seglen = len;
if (seglen > 5803)
seglen = 5803;
for (i = 0; i < seglen; i++) {
(*c0) += *(p++);
(*c1) += (*c0);
}
(*c0) = (*c0) % 255;
(*c1) = (*c1) % 255;
len -= seglen;
}
return TRUE;
}
gboolean
osi_check_and_get_checksum( tvbuff_t *tvb, int offset, guint len, int offset_check, guint16* result) {
guint available_len;
const guint8 *p;
guint8 discard = 0;
guint32 c0, c1, factor;
guint seglen, initlen = len;
guint i;
int block, x, y;
available_len = tvb_captured_length_remaining( tvb, offset );
offset_check -= offset;
if ( ( available_len < len ) || ( offset_check < 0 ) || ( (guint)(offset_check+2) > len ) )
return FALSE;
p = tvb_get_ptr( tvb, offset, len );
block = offset_check / 5803;
/*
* The maximum values of c0 and c1 will occur if all bytes have the
* value 255; if so, then c0 will be len*255 and c1 will be
* (len*255 + (len-1)*255 + ... + 255), which is
* (len + (len - 1) + ... + 1)*255, or 255*(len*(len + 1))/2.
* This means it can overflow if "len" is 5804 or greater.
*
* (A+B) mod 255 = ((A mod 255) + (B mod 255) mod 255, so
* we can solve this by taking c0 and c1 mod 255 every
* 5803 bytes.
*/
c0 = 0;
c1 = 0;
while (len != 0) {
seglen = len;
if ( block-- == 0 ) {
seglen = offset_check % 5803;
discard = 1;
} else if ( seglen > 5803 )
seglen = 5803;
for (i = 0; i < seglen; i++) {
c0 = c0 + *(p++);
c1 += c0;
}
if ( discard ) {
/*
* This works even if (offset_check % 5803) == 5802
*/
p += 2;
c1 += 2*c0;
len -= 2;
discard = 0;
}
c0 = c0 % 255;
c1 = c1 % 255;
len -= seglen;
}
factor = ( initlen - offset_check ) * c0;
x = factor - c0 - c1;
y = c1 - factor - 1;
/*
* This algorithm uses the 8 bits one's complement arithmetic.
* Therefore, we must correct an effect produced
* by the "standard" arithmetic (two's complement)
*/
if (x < 0 ) x--;
if (y > 0 ) y++;
x %= 255;
y %= 255;
if (x == 0) x = 0xFF;
if (y == 0) y = 0x01;
*result = ( x << 8 ) | ( y & 0xFF );
return TRUE;
}
/* 4 octet ATN extended checksum: ICAO doc 9705 Ed3 Volume V section 5.5.4.6.4 */
/* It is calculated over TP4 userdata (all checksums set to zero ) and a pseudo tailer */
/* of length SRC-NSAP, SRC-NSAP, length DST-NSAP, DST-NSAP and ATN extended checksum. */
/* In case of a CR TPDU, the value of the ISO 8073 16-bit fletcher checksum parameter shall */
/* be set to zero. */
guint32 check_atn_ec_32(
tvbuff_t *tvb, guint tpdu_len,
guint offset_ec_32_val, /* offset ATN extended checksum value, calculated at last as part of pseudo trailer */
guint offset_iso8073_val, /* offset ISO 8073 fletcher checksum, CR only*/
guint clnp_dst_len, /* length of DST-NSAP */
const guint8 *clnp_dst, /* DST-NSAP */
guint clnp_src_len, /* length of SRC-NSAP */
const guint8 *clnp_src) /* SRC-NSAP */
{
guint i = 0;
guint32 c0 = 0;
guint32 c1 = 0;
guint32 c2 = 0;
guint32 c3 = 0;
guint32 sum = 0;
/* sum across complete TPDU */
for ( i =0; i< tpdu_len; i++){
c0 += tvb_get_guint8(tvb, i) ;
if( ( i >= offset_ec_32_val ) && /* ignore 32 bit ATN extended checksum value */
( i < ( offset_ec_32_val + 4 ) ) ) {
c0 -= tvb_get_guint8(tvb, i);
}
if( ( offset_iso8073_val ) && /* ignore 16 bit ISO 8073 checksum, if present*/
( i >= offset_iso8073_val ) &&
( i < ( offset_iso8073_val + 2 ) ) ) {
c0 -= tvb_get_guint8(tvb, i);
}
if ( c0 >= 0x000000FF )
c0 -= 0x00000FF;
c1 += c0;
if ( c1 >= 0x000000FF )
c1 -= 0x000000FF;
c2 += c1;
if ( c2 >= 0x000000FF )
c2 -= 0x000000FF;
c3 += c2;
if ( c3 >= 0x000000FF )
c3 -= 0x000000FF;
}
/* add NSAP parts of pseudo trailer */
c0 += clnp_dst_len;
if ( c0 >= 0x000000FF )
c0 -= 0x000000FF;
c1 += c0;
if ( c1 >= 0x000000FF )
c1 -= 0x000000FF;
c2 += c1;
if ( c2 >= 0x000000FF )
c2 -= 0x000000FF;
c3 += c2;
if ( c3 >= 0x000000FF )
c3 -= 0x000000FF;
for ( i =0; i< clnp_dst_len; i++){
c0 += clnp_dst[i];
if ( c0 >= 0x000000FF )
c0 -= 0x000000FF;
c1 += c0;
if ( c1 >= 0x000000FF )
c1 -= 0x000000FF;
c2 += c1;
if ( c2 >= 0x000000FF )
c2 -= 0x000000FF;
c3 += c2;
if ( c3 >= 0x000000FF )
c3 -= 0x000000FF;
}
c0 += clnp_src_len;
if ( c0 >= 0x000000FF )
c0 -= 0x000000FF;
c1 += c0;
if ( c1 >= 0x000000FF )
c1 -= 0x000000FF;
c2 += c1;
if ( c2 >= 0x000000FF )
c2 -= 0x000000FF;
c3 += c2;
if ( c3 >= 0x000000FF )
c3 -= 0x000000FF;
for ( i =0; i< clnp_src_len; i++){
c0 += clnp_src[i];
if ( c0 >= 0x000000FF )
c0 -= 0x000000FF;
c1 += c0;
if ( c1 >= 0x000000FF )
c1 -= 0x000000FF;
c2 += c1;
if ( c2 >= 0x000000FF )
c2 -= 0x000000FF;
c3 += c2;
if ( c3 >= 0x000000FF )
c3 -= 0x000000FF;
}
/* add extended checksum as last part of the pseudo trailer */
for ( i = offset_ec_32_val; i< (offset_ec_32_val+4); i++){
c0 += tvb_get_guint8(tvb, i) ;
if ( c0 >= 0x000000FF )
c0 -= 0x00000FF;
c1 += c0;
if ( c1 >= 0x000000FF )
c1 -= 0x000000FF;
c2 += c1;
if ( c2 >= 0x000000FF )
c2 -= 0x000000FF;
c3 += c2;
if ( c3 >= 0x000000FF )
c3 -= 0x000000FF;
}
sum = (c3 << 24) + (c2 << 16 ) + (c1 << 8) + c0;
return sum;
}
/* 2 octet ATN extended checksum: ICAO doc 9705 Ed3 Volume V section 5.5.4.6.4 */
/* It is calculated over TP4 userdata (all checksums set to zero ) and a pseudo tailer */
/* of length SRC-NSAP, SRC-NSAP, length DST-NSAP, DST-NSAP and ATN extended checksum. */
/* In case of a CR TPDU, the value of the ISO 8073 16-bit fletcher checksum parameter shall */
/* be set to zero. */
/* this routine is currently *untested* because of the unavailability of samples.*/
guint16 check_atn_ec_16(
tvbuff_t *tvb,
guint tpdu_len,
guint offset_ec_16_val, /* offset ATN extended checksum value, calculated at last as part of pseudo trailer */
guint offset_iso8073_val, /* offset ISO 8073 fletcher checksum, CR only*/
guint clnp_dst_len, /* length of DST-NSAP */
const guint8 *clnp_dst, /* DST-NSAP */
guint clnp_src_len, /* length of SRC-NSAP */
const guint8 *clnp_src) /* SRC-NSAP */
{
guint i = 0;
guint16 c0 = 0;
guint16 c1 = 0;
guint16 sum;
/* sum across complete TPDU */
for ( i =0; i< tpdu_len; i++){
c0 += tvb_get_guint8(tvb, i);
if( (i >= offset_ec_16_val) && /* ignore 16 bit extended checksum */
(i < (offset_ec_16_val + 2) ) ) {
c0 -= tvb_get_guint8(tvb, i) ;
}
if( (i >= offset_iso8073_val) && /* ignore 16 bit ISO 8073 checksum, if present*/
(i < (offset_iso8073_val + 2) ) ) {
c0 -= tvb_get_guint8(tvb, i) ;
}
if ( c0 >= 0x00FF )
c0 -= 0x00FF;
c1 += c0;
if ( c1 >= 0x00FF )
c1 -= 0x00FF;
}
/* add NSAP parts of pseudo trailer */
c0 += clnp_dst_len;
if ( c0 >= 0x00FF )
c0 -= 0x00FF;
c1 += c0;
if ( c1 >= 0x00FF )
c1 -= 0x00FF;
for ( i =0; i< clnp_dst_len; i++){
c0 += clnp_dst[i];
if ( c0 >= 0x00FF )
c0 -= 0x00FF;
c1 += c0;
if ( c1 >= 0x00FF )
c1 -= 0x00FF;
}
c0 += clnp_src_len;
if ( c0 >= 0x00FF )
c0 -= 0x00FF;
c1 += c0;
if ( c1 >= 0x00FF )
c1 -= 0x00FF;
for ( i =0; i< clnp_src_len; i++){
c0 += clnp_src[i];
if ( c0 >= 0x00FF )
c0 -= 0x00FF;
c1 += c0;
if ( c1 >= 0x00FF )
c1 -= 0x00FF;
}
/* add extended checksum as last part of the pseudo trailer */
for ( i = offset_ec_16_val; i< (offset_ec_16_val+2); i++){
c0 += tvb_get_guint8(tvb, i) ;
if ( c0 >= 0x00FF )
c0 -= 0x00FF;
c1 += c0;
if ( c1 >= 0x00FF )
c1 -= 0x00FF;
}
sum = (c1 << 8) + c0 ;
return sum;
}
/* main entry point */
/*
* These assume the NLPID is a secondary protocol identifier, not an
* initial protocol identifier.
*
* This is an issue only if, in any packet where an NLPID appears, it's
* an initial protocol identifier *AND* it can have the value 1, which
* means T.70 for an IPI and X.29 for an SPI.
*/
const value_string nlpid_vals[] = {
{ NLPID_NULL, "NULL" },
{ NLPID_SPI_X_29, "X.29" },
{ NLPID_X_633, "X.633" },
{ NLPID_Q_931, "Q.931" },
{ NLPID_Q_2931, "Q.2931" },
{ NLPID_Q_2119, "Q.2119" },
{ NLPID_SNAP, "SNAP" },
{ NLPID_ISO8473_CLNP, "CLNP" },
{ NLPID_ISO9542_ESIS, "ESIS" },
{ NLPID_ISO10589_ISIS, "ISIS" },
{ NLPID_ISO10747_IDRP, "IDRP" },
{ NLPID_ISO9542X25_ESIS, "ESIS (X.25)" },
{ NLPID_ISO10030, "ISO 10030" },
{ NLPID_ISO11577, "ISO 11577" },
{ NLPID_COMPRESSED, "Data compression protocol" },
{ NLPID_IP, "IP" },
{ NLPID_TRILL, "TRILL" },
{ NLPID_SNDCF, "SubNetwork Dependent Convergence Function"},
{ NLPID_IP6, "IPv6" },
{ NLPID_PPP, "PPP" },
{ 0, NULL },
};
static dissector_table_t osinl_incl_subdissector_table;
static dissector_table_t osinl_excl_subdissector_table;
static dissector_handle_t ppp_handle;
/* Dissect OSI over TCP over TPKT */
static int
dissect_osi_tpkt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
dissect_tpkt_encap(tvb, pinfo, tree, tpkt_desegment, osi_handle);
return tvb_captured_length(tvb);
}
static int dissect_osi_juniper(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
guint8 nlpid;
tvbuff_t *next_tvb;
nlpid = tvb_get_guint8(tvb, 0);
if(dissector_try_uint(osinl_incl_subdissector_table, nlpid, tvb, pinfo, tree))
return tvb_captured_length(tvb);
next_tvb = tvb_new_subset_remaining(tvb, 1);
dissector_try_uint(osinl_excl_subdissector_table, nlpid, next_tvb, pinfo, tree);
return tvb_captured_length(tvb);
}
static int dissect_osi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
guint8 nlpid;
tvbuff_t *new_tvb;
nlpid = tvb_get_guint8(tvb, 0);
/*
* Try the subdissector table for protocols in which the NLPID is
* considered part of the PDU; it should be handed a tvbuff that
* includes the NLPID, and should put the NLPID into the protocol
* tree itself.
*/
if (dissector_try_uint(osinl_incl_subdissector_table, nlpid, tvb, pinfo, tree))
return tvb_captured_length(tvb);
/*
* Try the subdissector table for protocols in which the NLPID is
* *not* considered part of the PDU; it should be handed a tvbuff
* that doesn't include the NLPID, and we should put the NLPID into
* the protocol tree ourselves.
*/
proto_tree_add_uint(tree, hf_osi_nlpid, tvb, 0, 1, nlpid);
new_tvb = tvb_new_subset_remaining(tvb, 1);
if (dissector_try_uint(osinl_excl_subdissector_table, nlpid, new_tvb, pinfo, tree))
return tvb_captured_length(tvb);
switch (nlpid) {
/* ESIS (X.25) is not currently decoded */
case NLPID_ISO9542X25_ESIS:
col_set_str(pinfo->cinfo, COL_PROTOCOL, "ESIS (X.25)");
call_data_dissector(tvb, pinfo, tree);
break;
case NLPID_ISO10747_IDRP:
col_set_str(pinfo->cinfo, COL_PROTOCOL, "IDRP");
call_data_dissector(tvb, pinfo, tree);
break;
default:
col_set_str(pinfo->cinfo, COL_PROTOCOL, "ISO");
col_add_fstr(pinfo->cinfo, COL_INFO, "Unknown ISO protocol (%02x)", nlpid);
call_data_dissector(tvb, pinfo, tree);
break;
}
return tvb_captured_length(tvb);
} /* dissect_osi */
void
proto_reg_handoff_osi(void)
{
dissector_handle_t osi_tpkt_handle, osi_juniper_handle;
osi_handle = create_dissector_handle(dissect_osi, proto_osi);
dissector_add_uint("llc.dsap", SAP_OSINL1, osi_handle);
dissector_add_uint("llc.dsap", SAP_OSINL2, osi_handle);
dissector_add_uint("llc.dsap", SAP_OSINL3, osi_handle);
dissector_add_uint("llc.dsap", SAP_OSINL4, osi_handle);
dissector_add_uint("llc.dsap", SAP_OSINL5, osi_handle);
dissector_add_uint("ppp.protocol", PPP_OSI, osi_handle);
dissector_add_uint("chdlc.protocol", CHDLCTYPE_OSI, osi_handle);
dissector_add_uint("null.type", BSD_AF_ISO, osi_handle);
dissector_add_uint("gre.proto", SAP_OSINL5, osi_handle);
dissector_add_uint("ip.proto", IP_PROTO_ISOIP, osi_handle); /* ISO network layer PDUs [RFC 1070] */
osi_juniper_handle = create_dissector_handle(dissect_osi_juniper, proto_osi);
dissector_add_uint("juniper.proto", JUNIPER_PROTO_ISO, osi_juniper_handle);
dissector_add_uint("juniper.proto", JUNIPER_PROTO_CLNP, osi_juniper_handle);
dissector_add_uint("juniper.proto", JUNIPER_PROTO_MPLS_CLNP, osi_juniper_handle);
ppp_handle = find_dissector("ppp");
osi_tpkt_handle = create_dissector_handle(dissect_osi_tpkt, proto_osi);
dissector_add_for_decode_as_with_preference("tcp.port", osi_tpkt_handle);
}
void
proto_register_osi(void)
{
static hf_register_info hf[] = {
{ &hf_osi_nlpid,
{ "Network Layer Protocol Identifier", "osi.nlpid", FT_UINT8, BASE_HEX,
VALS(nlpid_vals), 0x0, NULL, HFILL }},
};
module_t *osi_module;
proto_osi = proto_register_protocol("OSI", "OSI", "osi");
proto_register_field_array(proto_osi, hf, array_length(hf));
/* There's no "OSI" protocol *per se*, but we do register a
dissector table so various protocols running at the
network layer can register themselves.
all protocols that require inclusion of the NLPID
should register here
*/
osinl_incl_subdissector_table = register_dissector_table("osinl.incl",
"OSI incl NLPID", proto_osi, FT_UINT8, BASE_HEX);
/* This dissector table is for those protocols whose PDUs
* aren't* defined to begin with an NLPID.
* (typically non OSI protocols like IP,IPv6,PPP */
osinl_excl_subdissector_table = register_dissector_table("osinl.excl",
"OSI excl NLPID", proto_osi, FT_UINT8, BASE_HEX);
/* Preferences how OSI protocols should be dissected */
osi_module = prefs_register_protocol(proto_osi, NULL);
prefs_register_bool_preference(osi_module, "tpkt_reassemble",
"Reassemble segmented TPKT datagrams",
"Whether segmented TPKT datagrams should be reassembled",
&tpkt_desegment);
}
/*
* Editor modelines - http://www.wireshark.org/tools/modelines.html
*
* Local Variables:
* c-basic-offset: 2
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* ex: set shiftwidth=2 tabstop=8 expandtab:
* :indentSize=2:tabSize=8:noTabs=true:
*/